package com.ag.oa.config;

import com.ag.oa.shiro.UserRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    @Bean
    public DefaultWebSessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        // 去掉url后的jsessionid
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        return sessionManager;
    }

    @Bean
    public SecurityManager securityManager(UserRealm userRealm) {

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        securityManager.setRememberMeManager(null);
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {

        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);

        Map<String, String> filterMap = new LinkedHashMap<>();

        // 设定用户没有登录认证时的跳转链接, 没有权限时的跳转链接
        shiroFilter.setLoginUrl("/login");  // 未登录页面
        shiroFilter.setUnauthorizedUrl("/");  // 未授权页面

        // 静态资源放行
        filterMap.put("/css/**", "anon");
        filterMap.put("/img/**", "anon");
        filterMap.put("/js/**", "anon");
        filterMap.put("/lib/**", "anon");
        filterMap.put("/page/**", "anon");

        // 过滤小程序请求的数据
        filterMap.put("/message/**", "anon");
        filterMap.put("/news/**", "anon");
        filterMap.put("/project/**", "anon");
        filterMap.put("/redis/**", "anon");
        filterMap.put("/sign/**", "anon");
        filterMap.put("/task/**", "anon");
        filterMap.put("/user/**", "anon");
        filterMap.put("/webQR/**", "anon");
        filterMap.put("/weekly/**", "anon");
        filterMap.put("/getQAUser/**", "anon");
        filterMap.put("/Question/**", "anon");
        filterMap.put("/feedback/**", "anon");


        // 登录 or 退出登录
        filterMap.put("/sys/toLogin", "anon");

        // 需要认证才能访问的
        filterMap.put("/**", "authc");

        shiroFilter.setFilterChainDefinitionMap(filterMap);
        return shiroFilter;
    }

    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {

        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {

        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

}
